
AWS Flow Logs Monitoring for Network Traffic Visibility across the Hybrid Cloud

By Krishnan Subramanian posted Fri May 08, 2026 06:23 PM

  

Consolidate Cloud and On-Premises Network Traffic Analysis with a Single Tool

AWS Flow Log collection and reporting capabilities are now generally available in IBM SevOne 8.2, extending application-centric troubleshooting workflows into the cloud. This enhancement enables organizations to achieve comprehensive visibility into network traffic across both on-premises environments and AWS - from a single platform. 

With this release, you can consolidate hybrid network data into a unified solution, covering both cloud and on-premises flow logs alongside infrastructure metrics. This integrated approach simplifies operations, reduces tool sprawl, and improves overall network observability. 

Additionally, SevOne 8.2 introduces seamless workflow integration, allowing users to easily pivot between cloud infrastructure metrics and flow data within a single reporting experience. This capability accelerates troubleshooting, enhances root cause analysis, and supports more informed decision making across hybrid environments. 

Figure 1. Example Enterprise Hybrid Cloud Network

Figure 2. Example of AWS Top Flows Report

Figure 3. Example Pivot from cloud metrics to cloud flow in the same report

Cloud Network Traffic Visibility

Today, most NetOps teams have strong visibility into on-premises network traffic, as well as traffic traversing on-ramp routers connecting to their cloud environments. However, visibility often diminishes once workloads move into the cloud, creating a gap in understanding traffic behavior and application context within cloud environments. 

This lack of insight represents a significant blind spot for NetOps teams. Because cloud providers manage the underlying network infrastructure, organizations can find it challenging to monitor traffic activity, ensure consistent application performance, and maintain network availability. 

To address this challenge, cloud providers offer network telemetry services such as AWS Flow Logs, which help restore visibility by capturing detailed traffic data and closing the observability gap. 

While cloud infrastructure metrics, such as those from AWS EC2 instances and Transit Gateway (TGW) network interfaces, provide valuable traffic statistics, they do not include the richer contextual information (such as endpoints, applications, and geographic location) needed to fully understand traffic patterns. Combining these data sources is essential for gaining deeper, actionable insights into network behavior in the cloud. 

Limited Native AWS Reporting Tools

While cloud infrastructure metrics provide valuable network traffic statistics for AWS services such as EC2 instances and Transit Gateway (TGW) interfaces, they lack the contextual depth—such as endpoints, applications, and geographic location—required to generate meaningful and actionable traffic insights. 

When AWS VPC Flow Logs are enabled, the options for effectively viewing and visualizing this data remain limited. For example, users can leverage Amazon CloudWatch Logs to access raw flow records, but analyzing this data can be time-consuming and operationally inefficient. Alternatively, flow log files can be downloaded and processed using third-party tools, which introduces additional complexity and manual effort. 

Although services like Amazon S3 can be used to store flow log data, they are not optimized for long-term analytics and reporting. Storage costs can escalate quickly at scale, often necessitating restrictive data retention policies that limit historical visibility. 

As a result, organizations often struggle to efficiently analyze and extract value from cloud network flow data using native tools alone. 

Cloud Network Traffic Visibility Use Cases

Cloud and NetOps teams are typically focused on optimizing cloud costs (such as egress charges and service consumption), improving traffic path efficiency, and troubleshooting connectivity both to and within their cloud environments. 

Similar to traditional NetFlow technologies (e.g., IPFIX), AWS Flow Logs provide critical insights into network activity, enabling a wide range of operational and analytical use cases, including: 

  • Bandwidth utilization analysis enriched with context such as applications, endpoints, geographic locations, accounts, and AWS services—supporting more effective cloud cost optimization 

  • Traffic path visibility, enabling better understanding of routing behavior and validation of connectivity between endpoints 

  • Application performance troubleshooting, including identification of issues through indicators such as TCP flags 

  • Capacity planning, with visibility into congestion points and potential network bottlenecks 

  • Access control monitoring, including AWS Security Group and ACL enforcement actions (accepted and rejected traffic) 

  • Detection of anomalies and potential security threats through traffic pattern analysis 

In addition, as organizations migrate workloads to the cloud, enhanced visibility into network traffic patterns becomes essential. These insights enable teams to troubleshoot connectivity and routing issues in real time while also identifying opportunities to optimize cost and performance throughout the migration process. 

What are AWS flow logs?

In AWS, a cloud network - often referred to as a virtual data center - is implemented as a Virtual Private Cloud (VPC). A VPC is deployed within a specific AWS Region and consists of subnets distributed across multiple Availability Zones within an account. 

AWS Flow Logs can be enabled at the VPC, subnet, or network interface level, providing flexible visibility across different layers of the cloud network. A flow log captures metadata about IP traffic flowing to and from network interfaces within the VPC. 

As a native feature of the AWS VPC service, Flow Logs record key information such as IP packet metadata and bandwidth utilization for traffic traversing the VPC, including interactions with Elastic Network Interfaces (ENIs). This data forms a critical foundation for understanding network behavior, monitoring traffic patterns, and supporting operational and security use cases in the cloud. 

Figure 4. Sample AWS flow logs
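
As an added example (not SevOne or AWS code), the following Python parses records in the default VPC Flow Logs format and tallies rejected flows per source and accepted bytes per destination, the raw data behind the access control monitoring and bandwidth use cases listed earlier. The sample records, addresses and interface IDs are constructed for illustration.

```python
from collections import Counter, defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.25 44321 22 6 3 180 1715190000 1715190060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.25 44322 3389 6 2 120 1715190000 1715190060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.2.14 10.0.1.25 51514 443 6 40 52000 1715190000 1715190060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60002 203.0.113.9 10.0.1.30 40000 23 6 1 60 1715190000 1715190060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60002 - - - - - - - 1715190000 1715190060 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None for records without flow data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":      # NODATA / SKIPDATA carry "-" placeholders
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Count rejected flows per source and accepted bytes per destination."""
    rejected, accepted_bytes, skipped = Counter(), Counter(), 0
    rejected_ports = defaultdict(set)
    for line in text.splitlines():
        if not line.strip() or line.startswith("version"):  # blank or field-name header
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1
        elif rec["action"] == "REJECT":
            rejected[rec["srcaddr"]] += 1
            rejected_ports[rec["srcaddr"]].add(rec["dstport"])
        else:
            accepted_bytes[rec["dstaddr"]] += rec["bytes"]
    return rejected, rejected_ports, accepted_bytes, skipped

if __name__ == "__main__":
    rej, ports, acc, skipped = summarize(SAMPLE)
    for src, n in rej.most_common():
        print(f"{src}: {n} rejected flows to ports {sorted(ports[src])}")
    print(f"accepted bytes by destination: {dict(acc)}; records without data: {skipped}")
```
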

Types of AWS Flow Logs 

AWS supports two primary types of flow logs: VPC (Virtual Private Cloud) Flow Logs and Transit Gateway (TGW) Flow Logs. Both formats capture network traffic metadata similar to traditional flow technologies such as NetFlow or IPFIX, while also including AWS-specific context. 

In addition to standard flow fields, AWS Flow Logs enrich traffic data with cloud-native attributes such as Account ID, Region, Availability Zone (AZ), Subnet, Instance ID, and Interface ID. This additional context enables more detailed analysis of traffic patterns and improved visibility across cloud environments. 

For more detailed information, refer to the official AWS documentation for VPC Flow Logs and Transit Gateway Flow Logs. 

Figure 5. Example of Cloud flow report with AWS enterprise specific fields that provide valuable context

Simplified Onboarding and Reporting for AWS Flow Logs in SevOne

Onboarding AWS Flow Logs into IBM SevOne and enabling reporting is straightforward and flexible. Users can manually enable flow logs within their AWS environments, or leverage SevOne NPM automation through Terraform scripts to streamline deployment. 

The newly introduced AWS Integration Manager supports flow log ingestion, automatically deploying dedicated collectors in each configured region to gather flow log data efficiently. This architecture ensures scalable and regionally distributed data collection aligned to cloud deployments. 

SevOne also provides flexibility in how flow logs are enabled - users can activate logging on demand for targeted investigations or enable continuous monitoring across selected or entire segments of their cloud network. 

For reporting and analysis, users can leverage Data Insight flow reports, which include out-of-the-box (OOTB) cloud-specific flow views designed for AWS environments. Additionally, the Flow Explorer enables deeper, interactive exploration of cloud flow data, helping teams quickly identify patterns, troubleshoot issues, and gain actionable insights. 

Figure 6. AWS Integration Manager in SevOne with AWS flow logs support

Figure 7. AWS flow views built-in to SevOne NPM

Enhanced Resource Selection and Usability in IBM SevOne 8.2 

IBM SevOne 8.2 introduces enhanced resource selection capabilities and more intuitive naming conventions to simplify reporting and analysis for cloud environments. 

With the new Cloud Flow resource type, users can easily drill down into different layers of their cloud network - including VPCs, accounts, regions, instances, and Transit Gateways (TGWs) - using straightforward, user-friendly resource selection. This eliminates the need to work with complex identifiers such as account IDs, instance IDs, VPC IDs, or TGW IDs, as these elements are now mapped to the descriptive names configured within the AWS console. 

By aligning resource naming across flow logs, metrics, and the AWS console, SevOne ensures consistency and clarity. Users can quickly identify cloud resources using familiar names, enabling faster report creation and more intuitive analysis. 

This unified context also allows for seamless correlation between performance metrics (PM) and flow log data. With all tools using a consistent naming framework, users can easily pivot between reports and analyze data side by side, improving both troubleshooting efficiency and insight generation. 

Additionally, these enhancements provide greater granularity and visibility into specific accounts, regions, VPCs, and other components of the AWS environment. Users can quickly drill down into targeted segments of the network without the need to create complex report filters, streamlining workflows and accelerating time to insight. 

Figure 8. AWS Cloud flow resource selection and user-friendly names in Reports

Figure 9. AWS flow logs provide interface location context

Figure 10. Example TGW flow logs report

Conclusion 

With the general availability of this capability in IBM SevOne 8.2, organizations can now extend comprehensive network visibility across both on-premises and cloud environments. 

We invite you to explore this feature within your network environment and share your experience with us. Your feedback and insights - particularly around real world use cases - are invaluable in helping us continue to enhance SevOne and deliver capabilities that align with your evolving needs and drive meaningful impact for your organization. 

